Security tokens, such as Smartcards and electronic documents, which are employed in authentication applications typically require the entry of secure authentication code information. A standard solution in authentication is the entry of code information through a keypad integrated into a Smartcard reader, a Smartcard terminal or through a computer keyboard that is connected to a Smartcard reader. These setups have the disadvantage that man-in-the-middle-attacks can compromise the secure code information transfer between the Smartcard and the host system in unencrypted formats.
Reports on these attacks are regularly published on the internet or through the media. End-users are scared about these attacks and as a consequence the acceptance of Smartcards in security relevant authentication applications, such as online payments or online applications based on electronic identity cards, decreases significantly. Security problems related to authentication through a Smartphone are even of greater public concern. Online payment transactions executed through a Smartphone are less secure than if they would be executed through a laptop or a PC, because security features like firewalls and virus scanners are still uncommon for Smartphones. Bluetooth pairing enables unwanted access by third parties to the Smartphone and attackers may install key logging applications or malware targeting at code spoofing.
To cope with this kind of security problems in online transactions Smartcards have been disclosed that comprise a numerical key pad for authentication code information entry, but these solutions lack interactivity. Online authentication using a contact or contact-less communication interface is not provided. These solutions are either ISO7816 contact-based or battery-operated stand-alone devices without a communication link that is required for seamless integration into web-based applications. A key-pad for code entry cannot be used if the token is attached to a contact reader. Direct match of authentication data on a Smartcard (match-on-card) is currently not feasible in online mode. All battery-powered solutions disclosed so far hardly meet the product quality and lifetime requirements of the aforementioned applications.
The available surface area for key-pad integration is very limited on a Smartcard resulting in unacceptable small key sizes. Especially elder people or people with visual or motoric impairments face problems with too small key pads. Also for other people authentication information entry on tiny key pads causes errors due to finger or stylus misalignment.
Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else) using an assigned or self-declared password. On each subsequent use, the user must know and use the previously declared password. This system is too weak for important transactions (such as the exchange of money) in that these passwords can often be stolen, accidentally revealed or forgotten. For this reason, Internet business transactions and many other transactions require a more stringent authentication process. Therefore, there exists a need for secure authentication through a contact-less token device comprising tactile pattern entry directly on a document's surface.
FIG. 1 is a detailed view of a prior art electronic paper display module. The display component is one of the most expensive components in current display-based authentication cards. The cost is mainly determined by the display driver function. The cost is further increased by the means necessary for integrating the display in the cards. Also, the substrate material for front and rear substrate represents a cost factor. The active display material is normally applied in very thin layers of 30-80 μm and is relatively inexpensive.
The displays currently used in display-based cards are either LCDs or electrophoretic displays; in rare cases electrochromic displays are used. Typically, displays of prior art token cards are of the segmented type (FIG. 1, FIG. 2), which means that they have single digits composed from 7 to 14 segments (FIG. 3). FIG. 2 is another detailed view of a prior art electronic paper display module. Also, FIG. 3 is an illustration of prior art segmented displays.
The visual impression of a character is better if it constructed from more segments. However, more segments also require more control signals which directly relates to the chip-size of driver components. In current chip design a certain minimum pitch between neighboring pads has to be implemented. This pitch is related to the assembly accuracy, which is related to units per hour (UPM) of component placements. A better UPM requires a larger pitch. A 14-segment display with a nice resolution will result in extremely high cost, especially when the display technology does not allow passive segment multiplexing as is the case with LCD, electrophoretic and electrochromic displays. Therefore, better approaches are required to reduce the display pin count.
With respect to power requirements, the electrophoretic displays seem to be of advantage if just the display power consumption is considered. The disadvantage of an electrophoretic display is its high voltage requirement. Actual E-Ink displays require voltages between 7V and 15V. If these voltages have to be generated from logic level that may be 2.5V, a multi-step charge pump needs to be involved. The charge pump has the disadvantage of area consumption for its capacitors and next to that quite a low efficiency, especially at low driving voltages. OLED displays require voltages in the range of 3.5V to 7V, which may also require a charge pump.
Some display materials provide bi-stability, which means that the display content is maintained without power supply for a long time. Electrophoretic displays are frequently used for token cards due to the low power consumption for display retention and also due to the long-term display bi-stability. Bi-stability of electrochromic displays depends on the material definition and ranges from minutes to days.
Current display cards utilize pre-manufactured display modules that are integrated during card assembly. The background is a virtual fence between the display provider and the document manufacturer. The display manufacturer produces a multipurpose display while the document manufacturer has limited specification requirements. Nevertheless the volume for specific displays is still too low for a separate display design. That is one of the reasons while still generic display modules are integrated into electronic documents. The available display modules are still too thick and moreover use their own substrate. During card integration a special compensation layer is required in the document construction to compensate the display topology. The display thickness of E-Ink displays is ˜300 μm, of LCD displays it is ˜400 μm.
FIG. 4 is an illustration of a prior art display assembly. The token body is fabricated from four substrate layers 11, 12, 15, 17. The pre-manufactured display 14a is assembled to the substrate 12 comprising the antenna 13. A compensation layer 15 comprising a cut-out 16 that compensates the topology of the display 14 is assembled on top of layer 12. A transparent layer 17 comprising an unprinted window area 18 is assembled on top of layer 15. Finally a transparent layer 11 with inside print forms the backside of the token and is assembled below layer 12. The assembled layers are laminated applying temperature and pressure for a defined time, resulting in the token body 21 with the visible display beneath window 19. This assembly approach requires a preassembled display module, display placement and attachment and an additional substrate layer with a cut-out to compensate the display's topology.
FIG. 5 is a collection of detailed views of prior art interactive authentication cards. Prior art security token cards with a simplified user interface (UI) have been disclosed for banking applications. These cards are used for the generation of one time passwords (OTP) based on a personal identification number (PIN). Different UI-layouts are required to fulfill the different needs. In the examples shown in FIG. 5 twelve button-keypads are used for PIN-entry or single buttons for PIN-independent OTP-generation. Each of these product configurations currently requires one hardware design resulting in initial design cost as well as cost of ownership.
The display cards shown in FIG. 5 are powered by integrated batteries. The batteries used in security tokens of the kind set forth have three main problems that make them incompatible with tokens for long-life documents, such as electronic identity cards:                The battery drains even if the device is not operated. The maximum operational lifetime is 3 years under low-temperature storage condition.        The batteries have a thickness of 450 μm and are difficult to integrate into electronic documents, especially into multifunctional cards. The height of 450 μm is not compatible with the height of display modules; hence an additional compensation layer is required to compensate the batteries topology.        The batteries introduce reliability problems because their outside material is not compatible with the materials used for documents in terms of mechanical and thermal properties. As a consequence, delamination occurs under mechanical stress.        
No authentication cards with user interfaces have been disclosed that are functional in contact-less mode. However, powering an ordinary Smartcard from the field is a common approach. Standard handbooks on Smartcards (for example “RFID Handbook: Fundamentals and Applications in Contactless Smart Cards, Radio Frequency Identification and Near-Field Communication”, Third Edition, by Klaus Finkenzeller, August 2010) teach to use a loop antenna with 6-7 turns. A standard reader providing field strengths between 1.5 and 7.5 A/m will not be able to supply a multifunctional card with the required power of up to 40 mW through that standard loop antenna.
FIG. 6 is a schematic of a prior art contact-less power supply. According to FIG. 6 the power supply provides a maximum voltage urectified to a subsequent Smartcard system at resonance of one of the sidebands of the modulated carrier. Based on compatibility requirements with old fashioned Smartcard ICs supply voltages of up to 5V need to be provided. Single functions Smartcards (no display, no input interface, and no advanced cryptographic functionality) have decent power consumption. Due the standardized applications a Smartcard must still receive sufficient supply voltage, even when the card is positioned at a certain distance away from the reader and if more than one Smartcard is within reach of the same reader. The Smartcard's antenna inductance L2 forms together with the capacitor C2 a resonator circuit with a quality factor high enough to achieve voltage increase by resonance. This voltage increase is required to provide sufficient voltage to standard cards.
FIG. 7 is a detailed view of a prior art interactive authentication card. Typically, interactive Smartcards used for authentication purposes provide a key pad interface for PIN-code entry. These key pad solutions have the following disadvantages:                The buttons are extremely tiny and difficult to use, especially by users with visual or motoric impairments like elder users. Also under certain use cases like emergency like situations operation of such a card is challenging.        The code space is limited to the numbers 0-9.        Anybody with access to the authentication information can use the card.        It is impossible to change the code space.        
Tactile pattern recognition methods have mainly been disclosed for personal digital assistants (PDA) and the latest Smartphone generations. Known character recognition systems for online handwriting recognition (OHR) are based on feature extraction, classification and selection. A standard implementation thereof comprises Hidden Markov Models. All these approaches target a good writer-independent recognition performance by identifying similarity patterns within tactile patterns of the same meaning.
The tactile pattern recognition recognizes a tactile pattern and assigns a predefined meaning to it, for example a digit. A combination of multiple tactile patterns is translated into a secret represented by a sequence of related meanings, for example a sequence of digits. The resulting feature extractors are configured to neglect all differences between tactile patterns with the same meaning. High recognition performance translates into elimination of all writer-dependent characteristics. This recognition process consumes a lot of computational resources resulting in high power requirements for the recognition system.
The implementation of a Hidden Markov Model on a Smartcard would consume too much energy due to the required calculations. Still, the disclosed OHR approaches are designed to achieve good recognition performance despite user variation. Quite often standard handwriting databases are applied (“CASIA Handwriting Database”, “Online Western Handwritting Unipen Database”, “NIST Handprinted Forms and Characters Database”) to benchmark the recognition performance. When successfully benchmarked, the recognition algorithm has completely removed a writer-dependent characteristic, which is not at all desired for an authentication system. In other words, for an authentication system it would be desirable to maintain these writer-dependent characteristics.
FIG. 8 is an illustration of international character samples. Prior art gesture recognition systems utilize feature-based recognition approaches. These approaches require complex local character feature definitions if user interfaces are to be adapted to another foreign character set. Feature extraction for local character sets as shown in FIG. 8 can be an effort-consuming process. Even after adoption to local character sets users with a different local background, like immigrants or guest workers, may not be able to enter characters in a recognizable format. The same applies to people with motoric impairments that have to write characters in a complete different style. For many applications, especially online applications, a fast localization is a key requirement and no user group must be excluded. Prior art recognition systems do not allow an interactive user-related feature definition.
The code space in prior art authentication applications for Smartcards is restricted to 10n numbers in case of PIN-code entries with n being the number of digits assembling the PIN. Full alphanumerical support is currently not provided for token-based solutions as prior art tokens lack the space to implement an alphanumeric keypad.
FIG. 9 is a detailed view of a prior art secure contact-less reader with an authentication interface. Such a reader may be configured to receive an electronic identity card. On an electronic identity card of this kind authentication code information may have to be entered through a secure (but expensive) reader device as depicted in FIG. 9. If a PC or Laptop is used to enter authentication information unauthorized access i.e. by key-loggers becomes feasible. Other attacks make use of the browser plug-in communicating with the Smartcard through the reader-DLL in order to get access to the PIN-code stored on the Smartcard.
Prior art authentication cards are not able to connect during the entry of authentication information to a remote service. Especially for web-based applications it is a key requirement that a security token seamlessly integrates into the communication chain from the web application to the token and vice versa.
Currently, contact-less communication according to ISO14443 is well introduced for electronic documents. Due to the nature of magnetic coupling communication through the contact-less interface may be easily intercepted by unauthorized thirds. Electronic documents are optimized for improved reading distance in order to support ease of use i.e. in border control applications. Border control is a minor application related to the expected use of electronic documents for authentication in online transactions. In online transaction applications the card is with close to 100% probability directly attached to a contact-less Smartcard reader and extended read range is not required and, in case of authentication, not wanted.
FIG. 10 is an illustration of the prior art available interface area in communication mode. Disclosed token cards are mainly banking cards (see FIG. 5 and FIG. 7) based on ISO7816 contact based interfaces. The user interfaces of the known token cards are conflicting with other component placements. If a contact-based card is attached to a contact reader, a big portion of the card disappears in the reader (shaded overlay area in FIG. 10), leaving a very small surface area for any form of interactivity. Typically, banking cards do not support any interactive mode while attached to a reader. In view thereof online authentication is not feasible.
Typically, security tokens have a user interface with extremely tiny buttons (see FIG. 7 and FIG. 10). The button size is restricted such that buttons must not interfere with the antenna, a potential embossing area and a potential magnet stripe. Document owners with visual or motoric impairments are unable to operate the device. Especially elder persons have difficulties with this sort of interface. The exclusion of such a large user group is not acceptable.
FIG. 11 is an illustration of blocking areas for interactive sensors in prior art authentication cards. Prior art token cards have tight restrictions for input element placements. Button areas are normally kept separately from necessary card information areas. They must also not interfere with the cards corporate ID elements. As a consequence, the resulting button areas are extremely small. The illustration in FIG. 11 indicates blocking areas 61-65 of battery-powered token cards. The following components define the key area restrictions: battery 62, contact mode interface (ISO7816) 61, display module 63 and Corporate Identity elements 64-65.
Prior art security tokens are relatively costly due over-specification, especially in the display interface. Furthermore, none of these security tokens comply with basic authentication requirements, such as a lifetime of at least 10 years, an interactive mode, NFC compatibility and on-card matching functionality.